I have an Ubuntu server 16.04 where I've installed observium to monitor the server itself and this part is working fine, I can see the event logs.
After that I have followed instructions on how to add syslog: http://docs.observium.org/syslog/
But when I open syslog on the server there is error message:
"No syslog entries found!".
Is there anything else I need to do (aside from the Observium webpage instructions above)?
Thank you
UPDATE 1:
rsyslogd version 8.16.0
When I try to use direct logging it works fine.
So here is the configuration file:
#---------------------------------------------------------
#send remote logs to observium
template(name="observium"
type="string"
string="%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n")
$ModLoad omprog
# rsyslog Input Modules
input(type="imudp"
port="514"
ruleset="observium")
# rsyslog RuleSets
ruleset(name="observium") {
action(type="omprog"
binary="/opt/observium/syslog.php"
template="observium")
}
*.* stop
#---------------------------------------------------------
And instead of that I put it without ruleset:
#---------------------------------------------------------
#send remote logs to observium
#ceph-mon.=notice; ~
template(name="observium"
type="string"
string="%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n")
$ModLoad omprog
action(type="omprog"
binary="/opt/observium/syslog.php"
template="observium")
*.* stop
#---------------------------------------------------------
It works 🙂
So there is another question. Do I need to use ruleset
? If so, has anybody else experienced the same/similar issue and how did you solve it?
Thank you!
Best Answer
Yea I saw this issue too.
I mistakenly enabled "input(type="imudp" port="514")" in both rsyslogd.conf and 30-observium.conf. You want to enable the imudp module in rsyslogd.conf and enable the input->ruleset action for it in 30-observium.conf
/etc/rsyslog.conf;
/etc/rsyslog.d/30-observium.conf should be;
I also had to comment out the last line as it was making rsyslog silently fail.
PS; Every time you make changes to the syslog filters, you need to restart rsyslog as it caches the resulting syslog.php script at startup.